/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
import frisby = require('frisby')
const { Joi } = frisby
// Project-local helper module; only its authorize() export is used in this file.
const security = require('../../lib/insecurity')

// Base URL of the instance under test: plain HTTP on the local loopback interface.
const API_URL = 'http://localhost:3000/api'

// Request headers shared by every authenticated call below.
// security.authorize() is invoked once, with no arguments, when this module loads,
// so all tests in the file reuse the same bearer value.
// NOTE(review): which identity that token represents is not visible here; confirm
// against lib/insecurity before relying on it for per-user authorization checks.
const authHeader = {
  Authorization: `Bearer ${security.authorize()}`,
  'content-type': 'application/json'
}

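// Collection endpoint: creating a privacy request with a bearer token is expected
// to succeed, while listing without any credentials is expected to be rejected.
describe('/api/PrivacyRequests', () => {
  const collectionUrl = `${API_URL}/PrivacyRequests`

  // The title names the resource this test actually creates (a privacy request).
  // NOTE(review): the body supplies UserId explicitly. This test does not show
  // whether the server ties the record to the token's subject or trusts the
  // submitted UserId; a case with a mismatching UserId would pin that down.
  it('POST new privacy request', () => {
    return frisby.post(collectionUrl, {
      headers: authHeader,
      body: {
        UserId: 1,
        deletionRequested: false
      }
    })
      .expect('status', 201)
      .expect('header', 'content-type', /application\/json/)
      // Only the field types of the created record are checked, not their values.
      .expect('jsonTypes', 'data', {
        id: Joi.number(),
        createdAt: Joi.string(),
        updatedAt: Joi.string()
      })
  })

  // No Authorization header is sent here, so this covers the anonymous caller.
  it('GET all privacy requests is forbidden via public API', () => {
    return frisby.get(collectionUrl)
      .expect('status', 401)
  })
})
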
// Read, update and delete access to stored privacy requests.
// Every case sends the shared bearer token and still expects HTTP 401, so these
// tests pin the endpoints as closed to authenticated callers too. The asserted
// code is 401 rather than 403; a server change to 403 would fail this suite.
describe('/api/PrivacyRequests/:id', () => {
  const collectionUrl = `${API_URL}/PrivacyRequests`
  const itemUrl = `${collectionUrl}/1`
  // Builds a fresh options object per request, as the inline literals did.
  const withToken = () => ({ headers: authHeader })

  // NOTE(review): this case targets the collection URL although the suite is
  // labelled ':id'. It is the authenticated counterpart of the anonymous listing test.
  it('GET all privacy requests is forbidden', () =>
    frisby.get(collectionUrl, withToken())
      .expect('status', 401))

  it('GET existing privacy request by id is forbidden', () =>
    frisby.get(itemUrl, withToken())
      .expect('status', 401))

  it('PUT update existing privacy request is forbidden', () =>
    frisby.put(itemUrl, {
      headers: authHeader,
      body: {
        message: 'Should not work...'
      }
    })
      .expect('status', 401))

  it('DELETE existing privacy request is forbidden', () =>
    frisby.del(itemUrl, withToken())
      .expect('status', 401))
})